Better casing of signature verification

Terence Eden 2024-02-26 16:15:04 +00:00
rodzic 5e6a98dee3
commit cd145915be
1 zmienionych plików z 8 dodań i 7 usunięć


@ -775,10 +775,12 @@ HTML;
// Get the headers send with the request
$headers = getallheaders();
// Ensure the header keys match the format expected by the signature
$headers = array_change_key_case( $headers, CASE_LOWER );
// Validate the timestamp is within ±30 seconds
if ( !isset( $headers["Date"] ) ) { return null; } // No date set
$dateHeader = $headers["Date"];
if ( !isset( $headers["date"] ) ) { return null; } // No date set
$dateHeader = $headers["date"];
$headerDatetime = DateTime::createFromFormat('D, d M Y H:i:s T', $dateHeader);
$currentDatetime = new DateTime();
@ -802,7 +804,7 @@ HTML;
// Validate the Digest
// It is the hash of the raw input string, in binary, encoded as base64
$digestString = $headers["Digest"];
$digestString = $headers["digest"];
// Usually in the form `SHA-256=Ofv56Jm9rlowLR9zTkfeMGLUG1JYQZj0up3aRPZgT0c=`
// The Base64 encoding may have multiple `=` at the end. So split this at the first `=`
$digestData = explode( "=", $digestString, 2 );
@ -839,7 +841,7 @@ HTML;
}
// Examine the signature
$signatureHeader = $headers["Signature"];
$signatureHeader = $headers["signature"];
// Extract key information from the Signature header
$signatureParts = [];
@ -856,14 +858,13 @@ HTML;
foreach ($signatureHeaders as $signatureHeader) {
if ( "(request-target)" == $signatureHeader ) {
$method = strtolower( $_SERVER["REQUEST_METHOD"] );
$target = strtolower( $_SERVER["REQUEST_URI"] );
$target = $_SERVER["REQUEST_URI"];
$signatureString .= "(request-target): {$method} {$target}\n";
} else if ( "host" == $signatureHeader ) {
$host = strtolower( $_SERVER["HTTP_HOST"] );
$signatureString .= "host: {$host}\n";
} else {
// In the HTTP header, the keys use Title Case
$signatureString .= "{$signatureHeader}: " . $headers[ ucwords( $signatureHeader, "-" ) ] . "\n";
$signatureString .= "{$signatureHeader}: " . $headers[$signatureHeader] . "\n";
}
}
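Review bot: The `else` branch at the end of the last hunk indexes `$headers[$signatureHeader]` without checking that the key exists, so a Signature `headers=` list naming a header the request does not carry (or spelling it in mixed case, which no longer matches the lowercased keys produced by `array_change_key_case` in the first hunk) raises an undefined-key warning and silently appends an empty value to the signing string. Failing closed is safer and matches the early `return null` already used for a missing Date header: `$key = strtolower( $signatureHeader );` / `if ( !isset( $headers[$key] ) ) { return null; }` / `$signatureString .= "{$signatureHeader}: {$headers[$key]}\n";`. In the first hunk, `DateTime::createFromFormat` returns `false` on an unparseable Date header; whether the later timestamp comparison guards against that is outside the hunk, so it is worth confirming. The `foreach` in the last hunk belongs to a function that starts and ends outside the hunk.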